Known Vulnerabilities for products from Forgerock
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Forgerock".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-20628 json | Not Provided | 2026-04-07 | 2026-04-08 | |
| CVE-2023-1656 json | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS... | 7.5 - HIGH | 2023-03-29 | 2023-11-07 |
| CVE-2023-0511 json | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This iss... | 9.8 - CRITICAL | 2023-02-28 | 2023-11-07 |
| CVE-2023-0339 json | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issu... | 9.8 - CRITICAL | 2023-02-28 | 2023-11-07 |
| CVE-2022-24670 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-10-27 | 2022-10-31 |
| CVE-2022-24669 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-10-27 | 2022-10-31 |
| CVE-2022-3748 json | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.This issue affects Acce... | 9.8 - CRITICAL | 2023-04-14 | 2023-11-07 |
| CVE-2022-0143 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-09-19 | 2022-09-21 |
| CVE-2021-37154 json | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraud... | 9.8 - CRITICAL | 2021-08-25 | 2021-09-01 |
| CVE-2021-37153 json | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentica... | 9.8 - CRITICAL | 2021-08-25 | 2022-07-12 |
| CVE-2021-35464 json | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. ... | 9.8 - CRITICAL | 2021-07-22 | 2021-08-02 |
| CVE-2021-29156 json | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can... | 7.5 - HIGH | 2021-03-25 | 2021-03-29 |
| CVE-2021-4201 json | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticat... | 9.8 - CRITICAL | 2022-02-14 | 2022-02-23 |
| CVE-2020-17465 json | Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerabi... | 6.1 - MEDIUM | 2020-08-31 | 2020-09-04 |
| CVE-2019-3800 json | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the use... | 7.8 - HIGH | 2019-08-05 | 2019-10-09 |
| CVE-2018-7272 json | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitiv... | 6.5 - MEDIUM | 2018-02-21 | 2018-03-18 |
| CVE-2017-14395 json | Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 do... | 6.1 - MEDIUM | 2019-06-19 | 2019-06-21 |
| CVE-2017-14394 json | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 d... | 6.1 - MEDIUM | 2019-06-19 | 2019-06-21 |
| CVE-2016-10097 json | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remot... | 7.5 - HIGH | 2017-01-02 | 2017-01-11 |
| CVE-2016-6500 json | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the Searc... | 8.1 - HIGH | 2017-02-03 | 2017-03-02 |
Known software with vulnerabilities from Forgerock
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Forgerock | Access Management | 5.0.0 |
| Application | Forgerock | Identity Manager | 6.0.0.6 |
| Application | Forgerock | Openam | 10.0.0 |
| Application | Forgerock | Service Broker | - |